LDAP Controls and Session Support
A DSML session is typically used to support LDAP controls and extended operations. The session is required to handle the multiple request-response exchanges that such operations involve.
To help determine when DSML sessions are required, LDAP controls and extended operations are categorized into four types:
- Session support required: for example, a page size control or VLV control.
- Stateless controls: for example, tombstone, sort, or dirsync controls.
- Unknown controls: because the LDAP control mechanism is extensible, you can create a new LDAP control or an extended operation that is not recognized by the DSML V2 server.
- Forbidden controls: controls not supported by the server.
The following table lists behavior that can be expected in session and stateless requests.
Control type | Session request | Stateless request |
---|---|---|
Session support required controls | Allowed. | Forbidden. Error response will be generated. |
Stateless controls | Allowed. Behavior should be identical to stateless. | Allowed. |
Unknown controls | Allowed. | Forbidden. Error response will be generated. |
Forbidden controls | Forbidden. Error response will be generated. | Forbidden. Error response will be generated. |
LDAP Controls and Extended Operations Supported by Active Directory
The following table lists the set of LDAP controls and extended operations that are currently supported in Active Directory.
LDAP OID | Name | Description | Control type |
---|---|---|---|
1.2.840.113556.1.4.319 | LDAP_PAGED_RESULT_OID_STRING | Paged search control | Session required |
1.2.840.113556.1.4.417 | LDAP_SERVER_SHOW_DELETED_OID | Show deleted control | Stateless |
1.2.840.113556.1.4.473 | LDAP_SERVER_SORT_OID | Server sort control | Stateless |
1.2.840.113556.1.4.521 | LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID | Cross-domain move control | Stateless |
1.2.840.113556.1.4.528 | LDAP_SERVER_NOTIFICATION_OID | Server search notification control | Forbidden |
1.2.840.113556.1.4.529 | LDAP_SERVER_EXTENDED_DN_OID | Extended DN control | Stateless |
1.2.840.113556.1.4.619 | LDAP_SERVER_LAZY_COMMIT_OID | Lazy commit control | Stateless |
1.2.840.113556.1.4.801 | LDAP_SERVER_SD_FLAGS_OID | Security descriptor flags control | Stateless |
1.2.840.113556.1.4.805 | LDAP_SERVER_TREE_DELETE_OID | Tree delete control | Stateless |
1.2.840.113556.1.4.841 | LDAP_SERVER_DIRSYNC_OID | Directory synchronization control | Stateless |
1.2.840.113556.1.4.970 | None | Get stats control | Stateless |
1.2.840.113556.1.4.1338 | LDAP_SERVER_VERIFY_NAME_OID | Verify name control | Stateless |
1.2.840.113556.1.4.1339 | LDAP_SERVER_DOMAIN_SCOPE_OID | Domain scope control | Stateless |
1.2.840.113556.1.4.1340 | LDAP_SERVER_SEARCH_OPTIONS_OID | Search options control | Stateless |
1.2.840.113556.1.4.1413 | LDAP_SERVER_PERMISSIVE_MODIFY_OID | Permissive modify control | Stateless |
1.2.840.113556.1.4.1504 | LDAP_SERVER_ASQ_OID | Attribute scoped query control | Stateless |
1.2.840.113556.1.4.1781 | LDAP_SERVER_FAST_BIND_OID | Fast concurrent bind extended operation | Forbidden |
1.3.6.1.4.1.1466.101.119.1 | LDAP_TTL_EXTENDED_OP_OID | TTL refresh extended operation | Stateless |
1.3.6.1.4.1.1466.20037 | LDAP_START_TLS_OID | Start TLS extended operation | Forbidden |
2.16.840.1.113730.3.4.9 | LDAP_CONTROL_VLVREQUEST | VLV request control | Session required |
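The two tables above can be combined into a pre-flight check that predicts which controls in a DSML V2 batch request will draw an error response. This is an added example, not code from the DSML server or its documentation: the function names, the `in_session` flag (supplied by the caller), and the sample batch are assumptions, and only a subset of the OIDs is included.

```python
import xml.etree.ElementTree as ET

DSML_NS = "{urn:oasis:names:tc:DSML:2:0:core}"

# Control types copied from a subset of the rows in the table above.
CONTROL_TYPES = {
    "1.2.840.113556.1.4.319": "session",    # paged search control
    "2.16.840.1.113730.3.4.9": "session",   # VLV request control
    "1.2.840.113556.1.4.473": "stateless",  # server sort control
    "1.2.840.113556.1.4.528": "forbidden",  # server search notification control
    "1.3.6.1.4.1.1466.20037": "forbidden",  # Start TLS extended operation
}

def is_allowed(control_type, in_session):
    """Apply the session/stateless behavior table."""
    if control_type == "forbidden":
        return False
    if control_type == "stateless":
        return True
    return in_session  # "session" and "unknown" are allowed only in a session

def check_batch(xml_text, in_session):
    """Return (request, oid, control_type, allowed) per control or extended operation."""
    findings = []
    for request in ET.fromstring(xml_text):
        tag = request.tag.replace(DSML_NS, "")
        oids = [c.get("type") for c in request.findall(DSML_NS + "control")]
        name = request.find(DSML_NS + "requestName")
        if tag == "extendedRequest" and name is not None and name.text:
            oids.append(name.text.strip())
        for oid in oids:
            kind = CONTROL_TYPES.get(oid, "unknown")
            findings.append((tag, oid, kind, is_allowed(kind, in_session)))
    return findings

# Constructed sample batch; 1.2.3.4.5 is a made-up OID standing in for an unknown control.
SAMPLE = """<batchRequest xmlns="urn:oasis:names:tc:DSML:2:0:core">
  <searchRequest dn="DC=example,DC=com" scope="wholeSubtree" derefAliases="neverDerefAliases">
    <control type="1.2.840.113556.1.4.319" criticality="true"/>
    <control type="1.2.840.113556.1.4.473"/>
    <control type="1.2.3.4.5"/>
    <filter><present name="objectClass"/></filter>
  </searchRequest>
  <extendedRequest><requestName>1.3.6.1.4.1.1466.20037</requestName></extendedRequest>
</batchRequest>"""

if __name__ == "__main__":
    for row in check_batch(SAMPLE, in_session=False):
        print(row)
```

Run against the same batch with `in_session=True`, the paged search and unknown controls become allowed, while the Start TLS extended operation stays forbidden in both modes.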